Sign-up

ID

VAR-201908-0923


CVE

CVE-2019-14357


TITLE

Mooltipass Mini Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-27432 // CNNVD: CNNVD-201908-659

DESCRIPTION

On Mooltipass Mini devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data. NOTE: the vendor's position is that an attack is not "realistically implementable. ** Unsettled ** This case has not been confirmed as a vulnerability. Mooltipass Mini The device contains an information disclosure vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2019-14357Information may be obtained. The vulnerability stems from errors in the configuration of the network system or product during operation. An unauthorized attacker can exploit the vulnerability to obtain sensitive information about the affected component

Trust: 2.25

sources: NVD: CVE-2019-14357 // JVNDB: JVNDB-2019-008035 // CNVD: CNVD-2019-27432 // VULHUB: VHN-146295

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-27432

AFFECTED PRODUCTS

vendor:mooltipassmodel:miniscope:eqversion: -

Trust: 1.0

vendor:mooltipassmodel:miniscope: - version: -

Trust: 0.8

vendor:mooltipassmodel:mini mooltipass miniscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-27432 // JVNDB: JVNDB-2019-008035 // NVD: CVE-2019-14357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-14357
value: LOW

Trust: 1.0

NVD: CVE-2019-14357
value: LOW

Trust: 0.8

CNVD: CNVD-2019-27432
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-659
value: LOW

Trust: 0.6

VULHUB: VHN-146295
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-14357
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-27432
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-146295
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-14357
baseSeverity: LOW
baseScore: 2.4
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-27432 // VULHUB: VHN-146295 // JVNDB: JVNDB-2019-008035 // CNNVD: CNNVD-201908-659 // NVD: CVE-2019-14357

PROBLEMTYPE DATA

problemtype:CWE-203

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-146295 // JVNDB: JVNDB-2019-008035 // NVD: CVE-2019-14357

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201908-659

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-008035

PATCH
title:CVE-2019-14357 - Team Statement and Firmware Updatesurl:https://github.com/limpkin/mooltipass/blob/master/CVE-2019-14357_statement.md
Trust: 0.8
title:Mooltipass Mini Information Disclosure Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/175187
Trust: 0.6
title:Mooltipass Mini Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96361
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-27432 // 
            
            
            
            JVNDB: JVNDB-2019-008035 // 
            
            
            
            CNNVD: CNNVD-201908-659

EXTERNAL IDS
db:NVDid:CVE-2019-14357
Trust: 3.1
db:JVNDBid:JVNDB-2019-008035
Trust: 0.8
db:CNNVDid:CNNVD-201908-659
Trust: 0.7
db:CNVDid:CNVD-2019-27432
Trust: 0.6
db:VULHUBid:VHN-146295
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-27432 // 
            
            
            
            VULHUB: VHN-146295 // 
            
            
            
            JVNDB: JVNDB-2019-008035 // 
            
            
            
            CNNVD: CNNVD-201908-659 // 
            
            
            
            NVD: CVE-2019-14357

REFERENCES
url:https://github.com/limpkin/mooltipass/blob/master/cve-2019-14357_statement.md
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-14357
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-14357
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-27432 // 
            
            
            
            VULHUB: VHN-146295 // 
            
            
            
            JVNDB: JVNDB-2019-008035 // 
            
            
            
            CNNVD: CNNVD-201908-659 // 
            
            
            
            NVD: CVE-2019-14357

SOURCES
db:CNVDid:CNVD-2019-27432
db:VULHUBid:VHN-146295
db:JVNDBid:JVNDB-2019-008035
db:CNNVDid:CNNVD-201908-659
db:NVDid:CVE-2019-14357

LAST UPDATE DATE
2024-11-23T23:08:17.477000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-27432date:2019-08-15T00:00:00
db:VULHUBid:VHN-146295date:2019-08-21T00:00:00
db:JVNDBid:JVNDB-2019-008035date:2019-08-23T00:00:00
db:CNNVDid:CNNVD-201908-659date:2019-08-23T00:00:00
db:NVDid:CVE-2019-14357date:2024-11-21T04:26:34.960

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-27432date:2019-08-15T00:00:00
db:VULHUBid:VHN-146295date:2019-08-10T00:00:00
db:JVNDBid:JVNDB-2019-008035date:2019-08-23T00:00:00
db:CNNVDid:CNNVD-201908-659date:2019-08-10T00:00:00
db:NVDid:CVE-2019-14357date:2019-08-10T16:15:11.380